100 



102 



104 



106 



105 



►Transmit/Store 




108 



Transmit/Store 



Fig. 1A 



Retrieve/Receive 




Fig. 1B 




203 



202 



Mi" 



til 



□ 

;'"US 



210 



I/O 



212 



Network 
Interface 



218 



Operating System 



File Handling System 



User Interface Procedures 



I/O Procedures 



Application Programs 



Encryption/Decryption Modules 



Hashing Module 



Keys 



Data 




206 



CPU 



216 



Bus 



240 



Disk Drive 



214 



i 

-i- 



i 




o 



Fig. 2A 



204 




296 



r 



256 



275 



Network 
Interface 



246 



248' 



RAM 



272' 

250 ^~ 
284' 
285' 

286' 

251 *~ 



Operating System 



File Handling System 



User Interface Procedures 



I/O Procedures 



Programs 



ROM 



Input Verification Logic 



Signature Verification Logic 



Hashing Module(s) 



'Non-Volatile Memory 



Encrypted Data 



Programs 



£1 



259 



Buffer 



User Interface 




262 



-260 



264 



CPU 



244 



4 



273 



1 Cryptographic !. 



i Circuitry J 



•270 



288- 



PPE 



294^1 



T— I 



269-^1 



ij ROM 

I— 1 



CPU 



291 



•293 



RAM 



7290 



Disk Drive 



258 



^274 



i 




o 



280 



Fig. 2B 



Begin 



Set Prev_Check_Value to 
"Pattern" 



B 

w 

01 

□ 

S 

o 

U! 



YiS 



For Each Block, Pi 



300 



1 


r 


Hash Block 


^ 


f 


Combine Hashed Block with 
Prev_Check_Value 




r 


Save Combination 




f 


Prev_Check_Value = 
Combination 




f 



302 



304 



306 



H(Ci) 



308 




309 



310 



V S(H(C1)) 



FIG. 3 



400- 



425 ~[_ 



i 

JL 



hi 



n-2 



P1 



423- 



JL 



7 L 



P2 



7 



418^41 



n-1 



Hash 



Hash 



T 



/ H(P1) / / H(P2) / 



Combine 



/ H(P2) / H(C3) / 



Hash 



/ H(C2) / 



Combine 



▼ 



/ H(P1) / H(C2) 



▼ 




Hash 





/ H(C1) ^ 422 



key • 



Sign 



/ S(H(C1)) / ^424 



402 



I 

T 



Hash 



T 
T 



Hash 



/ H(Pn-1) / / H(Pn) / 



404 



-412 




.406 



^ 407 



/ H(Cn) 408 



Combine 



/ H(Pn-1) / H(Cn) / 
415 



T 
JL 



Hash 



/ H(Cn-1) / ^414 



FIG. 4 



n 

■s:=- 



516 



c 



Begin 



9 



Receive First Block, S(H(C1))' 



-502 



Unsign 



Check_Val = H(C1)' 



1-504 
-506 



Key 



For Each Block 



, Pi' 



508 



Hash Block, H(Pi') 



-510 



H(Ci') = H(Pi') combined with 
H(Ci+1)' 



•512 



Take 
Defensive 
Action 




Not 




Equal 



Compare H(Ci') to Check_Value^>^514 



Eqjal 



Yis 



Release Block, Pi 



-518 



Check Value = H(Ci+1)' -520 



Increment 



Any More Blocks? 



•522 



c 



No 



End 



3 



FIG. 5 



600 





r 606 


r 610 


r 616 


r 620 


S(H(C1))' 


pr 


H(C2)' 


P2' 


H(C3)' 



602- 



Key — 
604-/ 



unsgn 



O 

yy 
VI 

m 
□ 

Q 



▼ r 

/ H(PV) 



608 



▼ r 



611 



Combine 



y H(PV) I H(C2)' 



Hash 



Hash 



▼ f 

J H(P2) J 



618 



Combine 



J H(Py) I H(C3)' 



H(C2)' 



H(C1)' 



O 



No Yes 

z \ 



612 



Hash I 



H(C3)' 



y/ H(C2') ^ 



I R< 



\^and Continue 



>< 

No Yes 



622 



u 




Abort 



Release P2* 
and Continue 




J H(Pn-1') J H(Cn)' j 



\ 


r 






Hash 


/ 


1 


r 



Combine 






Combine 







J H(Pn') I H(patt) ^ / 



H(Cn)' 



y/ H(Cn-V) ^ / 



• K = ? 




Hash 



J H(Cn') y 



No Yes 



Release Pn-1 
and Continue J 



No Yes 



Abort 



Release Pn' A 
and Continue ) 



FIG. 6 




FIG. 7 



Key 



r 



802a 



unsgn 



hi 

yil 
Q 

5 



802b 



















S(H(C1))' 


a 

X 


pr 


H(C2)' 


X 


p 2 . 


H(C3)' 





Hash 



^8 03a 

r V H(Pl) / 



-806 



804 



Combine 



810 



L 



H(PV) / H(C2)' 



812. 



7 



Hash 



61 H(C1) ' 

II! 

Q 

ri 



L 



Hash 



^8 03b 

- -/ H(P2-) y 



MUX 



Combine 



/ H(P?) y H(C3)' / 



H(C2)' 



rv i H(d ) y 



i NA808 

No Yes 

/ AKAt4 1 [ Release PV\ 
I Abort 1 ( and continue) 



^ Hash ^ 



H(C3)' 



/ H(C2 ) J 



No Yes 

f Ah«rt 1 f Release P2*\ 
I A** I I and Continue] 



7 



Pn-V 



Hash 



— H(Pn-V) J 



MUX 



y H(PrvV) I H(Cn)' / 



Hash 



H(Cn)' Pn' 



Hash 



H(Pn') 



7Z 



pattern 



MUX 



1 




V 1 


Combine 






Combine 


< 





y H(Pn') H(patt) / 



J H(Cn)' y 



/ H(Cn-V) J 




Hash 



/ H(Cn') / 



No Yes 



7 



FIG. 8 



m 

s=:=3 



o 



Key 



c 



Begin 



1 


r 


Partition Content Into Blocks, Pi 




f 


Hash Each Block, H(Pi) 




r 


Partition Hashes Into Groups, Gm,i 




f 


Hash Each Group, H(Gm,i) 




f 


Partition Hashes Into Groups, Gm-1,i 




f 


Hash Each Group, H(G2,i) 




f 


Combine Hashes Into Group, G1,1 




f 


Hash Group, H(G1,1) 




f 


- Sign Group Hash, S(H(G1,1)) 




f 


Store Signature and Hash Tree 




f 



910 



912 



914 



916 



918 



920 



922 



924 



926 



928 



c 



End 



FIG. 9 



I 

hi 



S 



i 
□ 



C 



Begin 



) 



1 


r 


Obtain Content 




r 


Get Content Selection 




r 



-1102 



-1104 



1110 



V-^1106 



For Each Content Block 



Authentication 
Failure Handler 



Not 



Authentication 
Failure Handler 



1114 



OK 



Not 



OK 



1 


r 


Load and Authenticate Relevant 
Portion of Hash Tree 


c 


K 
r 


Authenticate Content Block 


c 


K 
r 


Release Content for Use 




r 



-1108 



-1112 



Any More Blocks? 



-1116 



-1118 



c 



No 



End 



FIG. 11 



c 



Begin 



4 

_J 



1505. 



Verification Failure 
Handler 



4 No 



Hash Content Block 



-1502 




1504 



FIG. 15A 



m 

w 

m 

L.3 

s 

L.JI 

5 

□ 



c 



Begin 



) 



1 


r 


Determine Block/Group Boundaries 




r 


Hash Each Block in Group 




r 



Combine Hashes 



-1510 



-1512 



-1514 



1519 



2\ 



Verification Failure 
Handler 



4 No 



Hash Combination 



-1516 




1518 



1520 



FIG. 15B 



